Tutorials/Tips

Android Touch-Event Hijacking

With the recent release of Android 2.3 (Gingerbread), developers can now protect themselves from a new twist on an old bug: TapJacking. Like ClickJacking on the web, TapJacking occurs when a malicious application displays a fake user interface that seems like it can be interacted with, but actually passes interaction events such as finger taps to a hidden user interface behind it. Using this technique, an attacker could potentially trick a user into making purchases, clicking on ads, installing an application, granting permissions, or even wiping all of the data from their phone.

Related Post:  OpenStack Monitoring With Elasticsearch, Logstash, and Kibana

Earlier this year we contacted the Android Security Team at Google about the issue and they were able to build a fix into Android 2.3 (Gingerbread). In Android, an attacker is able to display the fake user interface by creating a customized notification (called a Toast) to obscure the real interface. To allow developers to protect their user interfaces from TapJacking, Android 2.3 added the ability for Views to prevent interaction events when they are obscured by another view.

Related Post:  How to enable VestaCP commands in your PATH

Essentially, this makes a View only usable when it is visible, eliminating the possibility for a user to accidentally interact with a hidden View. The new feature for View objects can be used in two ways: by setting the filterTouchesWhenObscured property to true or by implementing the onFilterTouchEventForSecurity method. It’s important to remember that the new security features require developers to explicitly set them to protect from TapJacking.

How TapJacking works:
[vimeo]http://vimeo.com/17648348[/vimeo]

Read the complete article on The Lookout Blog

Subscribe to LinuxBSDos.com

Subscribe to receive the latest articles in your Inbox

Trust me, you'll not be spammed...

Please share:

We Recommend These Vendors and Free Offers

Register now for Blockchain & Cryptocurrency Con 2018, international conference on blockchain technnology in Dallas, TX (USA), Feb. 23-24, 2018. A 50% discount for students.

Best WhatsApp Plus features in Gbwhatsapp latest APK download

Best binary auto trading software reviews by 7binaryoptions.com

Google has got competition, because Presearch is building a blockchain-based search engine controlled by the community. At $0.15 a token, you can participation in Lot 3 of the token sale by clicking here

Open Money is building a solution that will run mainstream software on blockchain tech. Click here to get free tokens that will be the digital currency of the platform

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).


Leave a Comment

Your email address will not be published. Required fields are marked *

*